Maliciious Spam App Found in App Store

Apple has had a fairly good record in iOS security. There still has not been a very serious breach of security or malware outbreak, aside from what the jailbreak developers have found.

But this morning, Kapersky Labs has released a statement saying that there has been a malicious (trojan) app in the App Store:

“Yesterday we were contacted by our partner MegaFon, one of the major mobile carriers in Russia. They notified us about a suspicious application, which was found in both the Apple App Store and Google Play. At first glance, this seemed to be an SMS worm spread via sending short messages to all contacts stored in the phone book with the URL to itself.
However, our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan that uploads a user’s phonebook to remote server. The ‘replication’ part is done by the server – SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book.”

The app, known as Find and Call, has been pulled by Apple, but the fact that it has made it into the App Store with Apple's tedious App Review process in place is scary.

Apple has always been praised for keeping such apps out of its marketplace, and it's what makes people very tolerant about its strict App Store policies.

It would be surprising to know what Apple has to say, if they have anything to say.